Kevin Judge
content writer
  • it security

OpenSSL Vulnerability Could be Exploited for Man-in-the-Middle Attacks

There is more bad news this week for OpenSSL, the popular implementation of the SSL and TLS protocols, which was already hit in April by the Heartbleed bug. This week we learned that OpenSSL has vulnerabilities that can be exploited by hackers for “Man-in-the-Middle” attacks.

According to an OpenSSL advisory:
“An attacker using a carefully crafted handshake can force the use of weak keying material in OpenSSL SSL/TLS clients and servers. This can be exploited by a Man-in-the-middle (MITM) attack where the attacker can decrypt and modify traffic from the attacked client and server. The attack can only be performed between a vulnerable client *and* server”

The result is that a remote attacker can insert a process between the browser and the server, a so-called Man-in-the-Middle, and may be able to decrypt or modify traffic between the client and the server.

This problem can be resolved with the application of the following updates:

  • OpenSSL 0.9.8 SSL/TLS users (client and/or server) should upgrade to 0.9.8za.
  • OpenSSL 1.0.0 SSL/TLS users (client and/or server) should upgrade to 1.0.0m.
  • OpenSSL 1.0.1 SSL/TLS users (client and/or server) should upgrade to 1.0.1h.
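
As an added example (not part of the OpenSSL advisory or the original article), the check below compares `openssl version` output against the fixed releases listed above. The function names and the sample version lines are constructed for this example.

```python
import re

# Fixed releases per branch, as listed in the article above.
FIXED = {"0.9.8": "za", "1.0.0": "m", "1.0.1": "h"}

# Matches "1.0.1e", "OpenSSL 0.9.8za 5 Jun 2014", "1.0.1e-fips", ...
_VERSION_RE = re.compile(r"(\d+\.\d+\.\d+)([a-z]*)\b")


def patch_rank(letters):
    """Order OpenSSL patch suffixes: '' < 'a' < ... < 'z' < 'za' < 'zb'."""
    # After 'z' the series continues with two letters, so a longer
    # suffix is always newer; equal lengths compare alphabetically.
    return (len(letters), letters)


def check(version_text):
    """Classify one `openssl version` line as patched/vulnerable/unknown."""
    m = _VERSION_RE.search(version_text)
    if not m:
        return "unknown"
    branch, letters = m.groups()
    fixed = FIXED.get(branch)
    if fixed is None:
        return "unknown"  # branch is not in the article's list
    if patch_rank(letters) >= patch_rank(fixed):
        return "patched"
    return "vulnerable"


# Constructed sample lines in the format `openssl version` prints.
SAMPLES = [
    "OpenSSL 0.9.8y 5 Feb 2013",
    "OpenSSL 0.9.8za 5 Jun 2014",
    "OpenSSL 1.0.0l 6 Jan 2014",
    "OpenSSL 1.0.1e-fips 11 Feb 2013",
    "OpenSSL 1.0.1h 5 Jun 2014",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(f"{check(line):10}  {line}")
```

Distribution packages often backport fixes without changing the upstream version letter, so a "vulnerable" result on a vendor build should be confirmed against the package changelog.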